Better security

First off, if you have not read Dominick Baier's book yet - GO READ IT
NOW. That is the book I wish I had read first - would have saved me
boatloads of time.

Ok, on to the question. It seems to me the best way to store secrets
that we need to plaintext of (ie can't just hash and save the hash) is
to:

Have person A know the connection string to the database.

Have person B know the symentric key used to encrypt the secrets

Have person C be the only one with access to the server and to the
web.config file.

The question is, how do we get the ifno from person's A & B into the
Web.Config file and encrypted in the Web.Config file. If person C does
that they've seen them unencrypted. If person A & B do it, they are
then on the server for a short period of time.

"David Thielen" wrote:
> Hi;
>
> First off, if you have not read Dominick Baier's book yet - GO READ IT
> NOW. That is the book I wish I had read first - would have saved me
> boatloads of time.
>
> Ok, on to the question. It seems to me the best way to store secrets
> that we need to plaintext of (ie can't just hash and save the hash) is
> to:
>
> Have person A know the connection string to the database.
>
> Have person B know the symentric key used to encrypt the secrets
>
> Have person C be the only one with access to the server and to the
> web.config file.
>
> The question is, how do we get the ifno from person's A & B into the
> Web.Config file and encrypted in the Web.Config file. If person C does
> that they've seen them unencrypted. If person A & B do it, they are
> then on the server for a short period of time.
>
> ??? - thanks - dave
>
> david@
> Windward Reports -- http://www.WindwardReports.com
> me -- http://dave.thielen.com
>
> Cubicle Wars - http://www.windwardreports.com/film.htm
>

Advertisements

Based on the nature of the question you mentioned, it is somewhat a pure
security & cryptography question.

I'm not sure the exact application code logic in your scenario(such as the
front end, backend and intermediate's processing on data and the user/role
based security strategry), would you further explain it? For example, how
will the three users(A,B,C) work in your application(or in different
application tier).

Generally, for symmetric cryptography, a key problem is the key
distribution and key management. Only the sender and receiver should own
the key. For example, if A and B want to exhange data through symmetric
data encryption, only A,B will share a key. And if they want to let a 3rd
party(such as user C) to maintain the data, then, they should offer C the
encrypted data(rather than plain text).

Please feel free to let me know your actual requirement and concerns.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

This posting is provided "AS IS" with no warranties, and confers no rights.

"Dominick Baier" wrote:
> why is the connection string a secret??? This shouldn't be the case...it
> is very easy to find SQL Servers on my network - in the simplest case scan
> every IP address for an open TCP/1433...
>
>
> -----
> Dominick Baier (http://www.leastprivilege.com)
>
> > Yes - sort-of. I'm still learning this too.
> >
> > My question here is person A and B need to put their information in
> > Web.Config. And they should be encrypted in Web.Config (aspnet_regiis
> > -pef ...).
> >
> > The problem is how does person A get their connections tring into
> > Web.Config and aspnet_regiis run on it? Only person C is allowed
> > access to the server and to Web.Config. But they are not allowed to
> > see the unencrypted connection string.
> >
> > Cubicle Wars - http://www.windwardreports.com/film.htm
> >
> > "Steven Cheng[MSFT]" wrote:
> >
> >> Hello Dave,
> >>
> >> Based on the nature of the question you mentioned, it is somewhat a
> >> pure security & cryptography question.
> >>
> >> I'm not sure the exact application code logic in your scenario(such
> >> as the front end, backend and intermediate's processing on data and
> >> the user/role based security strategry), would you further explain
> >> it? For example, how will the three users(A,B,C) work in your
> >> application(or in different application tier).
> >>
> >> Generally, for symmetric cryptography, a key problem is the key
> >> distribution and key management. Only the sender and receiver should
> >> own the key. For example, if A and B want to exhange data through
> >> symmetric data encryption, only A,B will share a key. And if they
> >> want to let a 3rd party(such as user C) to maintain the data, then,
> >> they should offer C the encrypted data(rather than plain text).
> >>
> >> Please feel free to let me know your actual requirement and concerns.
> >>
> >> Sincerely,
> >>
> >> Steven Cheng
> >>
> >> Microsoft MSDN Online Support Lead
> >>
> >> This posting is provided "AS IS" with no warranties, and confers no
> >> rights.
> >>
>
>
>

I'm afraid this is a bit hard. One question, why user A and B can not give
the encrypted connectionstring to C and let it store into the web.config
file? And can't they retrieve the encrypted one later and decrypt them in
their own context?

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

This posting is provided "AS IS" with no warranties, and confers no rights.

-----
Dominick Baier (http://www.leastprivilege.com)
> Because of the username and password in it to connect to the database.
> Am I missing something here?
>
> Cubicle Wars - http://www.windwardreports.com/film.htm
>
> "Dominick Baier" wrote:
>
>> why is the connection string a secret??? This shouldn't be the
>> case...it is very easy to find SQL Servers on my network - in the
>> simplest case scan every IP address for an open TCP/1433...
>>
>> -----
>> Dominick Baier (http://www.leastprivilege.com)
>>> Yes - sort-of. I'm still learning this too.
>>>
>>> My question here is person A and B need to put their information in
>>> Web.Config. And they should be encrypted in Web.Config
>>> (aspnet_regiis -pef ...).
>>>
>>> The problem is how does person A get their connections tring into
>>> Web.Config and aspnet_regiis run on it? Only person C is allowed
>>> access to the server and to Web.Config. But they are not allowed to
>>> see the unencrypted connection string.
>>>
>>> Cubicle Wars - http://www.windwardreports.com/film.htm
>>>
>>> "Steven Cheng[MSFT]" wrote:
>>>
>>>> Hello Dave,
>>>>
>>>> Based on the nature of the question you mentioned, it is somewhat a
>>>> pure security & cryptography question.
>>>>
>>>> I'm not sure the exact application code logic in your scenario(such
>>>> as the front end, backend and intermediate's processing on data and
>>>> the user/role based security strategry), would you further explain
>>>> it? For example, how will the three users(A,B,C) work in your
>>>> application(or in different application tier).
>>>>
>>>> Generally, for symmetric cryptography, a key problem is the key
>>>> distribution and key management. Only the sender and receiver
>>>> should own the key. For example, if A and B want to exhange data
>>>> through symmetric data encryption, only A,B will share a key. And
>>>> if they want to let a 3rd party(such as user C) to maintain the
>>>> data, then, they should offer C the encrypted data(rather than
>>>> plain text).
>>>>
>>>> Please feel free to let me know your actual requirement and
>>>> concerns.
>>>>
>>>> Sincerely,
>>>>
>>>> Steven Cheng
>>>>
>>>> Microsoft MSDN Online Support Lead
>>>>
>>>> This posting is provided "AS IS" with no warranties, and confers no
>>>> rights.
>>>>

Yes, use aspnet_regiis is one way to encrypt the content so that only
ASP.NET runtime can decrypt it. However, for your scenario, you only want
A,B to know the key and be able to encrypt and decrypt the
connectionstring, this violate the usage of ASP.NET/.NET 2.0's
configuration protection/encryption. So I think you can review your current
security design here to see whether any other approach should be better?

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

This posting is provided "AS IS" with no warranties, and confers no rights.

Share This Page

Welcome to The Coding Forums!

Welcome to the Coding Forums, the place to chat about anything related to programming and coding languages.

Please join our friendly community by clicking the button below - it only takes a few seconds and is totally free. You'll be able to ask questions about coding or chat with the community and help others.
Sign up now!